VULNERA Pulse

Fortinet — FortiOS

CVE-2024-21762 / Added: Feb. 9, 2024

CRITICAL CVSS 9.80

Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.

Headlines

• Feb. 9, 2024 - New Fortinet RCE bug is actively exploited, CISA confirms
• Feb. 9, 2024 - Critical Alert: FortiOS Vulnerable to Remote Code Execution (CVE-2024-23113)
• Feb. 9, 2024 - Fortinet Releases Security Advisories for FortiOS and FortiClientEMS | CISA
• Feb. 9, 2024 - Fortinet Releases Security Advisories for FortiOS | CISA
• Feb. 9, 2024 - Fortinet Warns of New FortiOS Zero-Day
• Feb. 9, 2024 - Multiple Vulnerabilities in FortiOS Could Allow for Remote Code Execution
• Feb. 9, 2024 - Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN
• Feb. 9, 2024 - Fortinet Warns of Critical FortiOS SSL VPN Vulnerability Under Active Exploitation
• Feb. 8, 2024 - New Fortinet RCE flaw in SSL VPN likely exploited in attacks
• Feb. 8, 2024 - CVE-2024-21762 (CVSS 9.6): FortiOS SSL-VPN Zero-Day Pre-Auth RCE Flaw

Back to top ↑

Google — Chromium V8 Engine

CVE-2023-4762 / Added: Feb. 6, 2024

HIGH CVSS 8.80 EPSS Score 34.86 EPSS Percentile 96.96

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.

Headlines

• Feb. 7, 2024 - CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog
• Feb. 7, 2024 - CISA warns of a patched Chrome flaw now exploited in attacks
• Jan. 23, 2024 - Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine
• Jan. 16, 2024 - Google fixes first actively exploited Chrome zero-day of 2024
• Dec. 20, 2023 - Google fixes 8th Chrome zero-day exploited in attacks this year
• Nov. 29, 2023 - Google Patches Seventh Chrome Zero-Day of 2023
• Sept. 29, 2023 - Spyware Vendor Targets Egyptian Orgs With Rare iOS Exploit Chain
• Sept. 28, 2023 - Chrome Flags Third Zero-Day This Month That's Tied to Spying Exploits
• Sept. 28, 2023 - Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor
• Sept. 25, 2023 - Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks
• Sept. 25, 2023 - Predator exploit patched in iPhones, iPads
• Sept. 23, 2023 - Apple and Chrome Zero-Days Exploited to Hack Egyptian ex-MP with Predator Spyware
• Sept. 22, 2023 - Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware
• Sept. 22, 2023 - Apple squashes bugs exploited by Predator spyware
• Sept. 22, 2023 - Recently patched Apple, Chrome zero-days exploited in spyware attacks
• Sept. 22, 2023 - 0-days exploited by commercial surveillance vendor in Egypt
• Sept. 6, 2023 - Chrome 116 Update Patches High-Severity Vulnerabilities

Back to top ↑

CVE-2024-23109

CRITICAL CVSS 9.80 EPSS Score 0.07 EPSS Percentile 27.22

Risk Context N/A

Published: Feb. 5, 2024

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests.

Vendor Impacted: Fortinet

Product Impacted: Fortisiem

Quotes

• Potentially being exploited in the wild
• Improper neutralization of special elements
• If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts
• A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests
• A modification was made to the original FG-IR-23-130 - which commonly happens to ensure ongoing accuracy of information and updates are pushed to the NVD Database in parallel to keep the two systems in sync
• Multiple improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM supervisor may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests
• What the Fortinet headquarters in California is now calling a 'translation problem' sounded completely different during the research: Swiss Fortinet representatives described the toothbrush case as a real DDoS at a meeting that discussed current threats

Headlines

• Feb. 9, 2024 - New Fortinet RCE bug is actively exploited, CISA confirms
• Feb. 9, 2024 - A look at Fortinet's week to forget
• Feb. 9, 2024 - Fortinet Warns of Critical FortiOS SSL VPN Vulnerability Under Active Exploitation
• Feb. 8, 2024 - Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products
• Feb. 8, 2024 - Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure
• Feb. 7, 2024 - Fortinet addressed two critical FortiSIEM vulnerabilities
• Feb. 7, 2024 - Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error
• Feb. 7, 2024 - Fortinet Patches Critical Vulnerabilities in FortiSIEM
• Feb. 6, 2024 - Twin Max-Severity Bugs Open Fortinet's SIEM to Code Execution
• Feb. 6, 2024 - Fortinet FortiSIEM hit by two 10/10 severity vulns
• Feb. 5, 2024 - CVE-2024-23108 & CVE-2024-23109 (CVSS 10): Critical Command Injection Flaws in Fortinet FortiSIEM

CVE-2024-23108

CRITICAL CVSS 9.80 EPSS Score 0.07 EPSS Percentile 27.22

Risk Context N/A

Published: Feb. 5, 2024

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests.

Vendor Impacted: Fortinet

Product Impacted: Fortisiem

Quotes

• Potentially being exploited in the wild
• Improper neutralization of special elements
• If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts
• A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests
• A modification was made to the original FG-IR-23-130 - which commonly happens to ensure ongoing accuracy of information and updates are pushed to the NVD Database in parallel to keep the two systems in sync
• Multiple improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM supervisor may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests
• What the Fortinet headquarters in California is now calling a 'translation problem' sounded completely different during the research: Swiss Fortinet representatives described the toothbrush case as a real DDoS at a meeting that discussed current threats

Headlines

• Feb. 9, 2024 - New Fortinet RCE bug is actively exploited, CISA confirms
• Feb. 9, 2024 - A look at Fortinet's week to forget
• Feb. 9, 2024 - Fortinet Warns of Critical FortiOS SSL VPN Vulnerability Under Active Exploitation
• Feb. 8, 2024 - Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products
• Feb. 8, 2024 - Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure
• Feb. 7, 2024 - Fortinet addressed two critical FortiSIEM vulnerabilities
• Feb. 7, 2024 - Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error
• Feb. 7, 2024 - Fortinet Patches Critical Vulnerabilities in FortiSIEM
• Feb. 6, 2024 - Twin Max-Severity Bugs Open Fortinet's SIEM to Code Execution
• Feb. 6, 2024 - Fortinet FortiSIEM hit by two 10/10 severity vulns
• Feb. 5, 2024 - CVE-2024-23108 & CVE-2024-23109 (CVSS 10): Critical Command Injection Flaws in Fortinet FortiSIEM

CVE-2022-42475

CRITICAL CVSS 9.80 EPSS Score 43.16 EPSS Percentile 97.21

CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available

Published: Jan. 2, 2023

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Vendor Impacted: Fortinet

Products Impacted: Fortigate-6500f, Fortigate-6500f-Dc, Fortigate-6501f, Fortigate-6501f-Dc, Fortios, Fim-7904e, Fortigate-7030e, Fpm-7630e, Fortiproxy, Fim-7901e, Fortigate-7040e, Fortigate-7121f, Fpm-7620f, Fim-7920e, Fortigate-7060e, Fortigate-6601f, Fortigate-6300f, Fortigate-6300f-Dc, Fpm-7620e, Fim-7921f, Fim-7941f, Fortigate-6601f-Dc, Fim-7910e

Quotes

• She took his coat and hung it up
• Potentially being exploited in the wild
• Coathanger could be used along with an any future FortiGate device vulnerability
• This [computer network] was used for unclassified research and development (R&D)
• The effects of the intrusion were limited because the victim network was segmented from the wider MOD networks
• It hides itself by hooking system calls that could reveal its presence. It survives reboots and firmware upgrades
• A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests
• The Ministry of Defence (MOD) of the Netherlands was impacted in 2023 by an intrusion into one of its networks. The effects were limited because of prior network segmentation

Headlines

• Feb. 9, 2024 - New Fortinet RCE bug is actively exploited, CISA confirms
• Feb. 9, 2024 - Fortinet Warns of New FortiOS Zero-Day
• Feb. 9, 2024 - Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN
• Feb. 9, 2024 - Fortinet Warns of Critical FortiOS SSL VPN Vulnerability Under Active Exploitation
• Feb. 8, 2024 - China Caught Dropping RAT Designed for FortiGate Devices
• Feb. 7, 2024 - Chinese hackers breached Dutch Ministry of Defense
• Feb. 7, 2024 - Chinese Spies Hack Dutch Networks With Novel Coathanger Malware
• Feb. 7, 2024 - China-linked APT deployed malware in a network of the Dutch Ministry of Defence
• Feb. 7, 2024 - Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network
• Feb. 6, 2024 - Chinese hackers infect Dutch military network with malware
• Feb. 6, 2024 - Netherlands reveals Chinese spies attacked its defense dept

CVE-2024-21762

CRITICAL CVSS 9.80

CISA Known Exploited Actively Exploited Remote Code Execution

Published: Feb. 9, 2024

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests

Vendor Impacted: Fortinet

Product Impacted: Fortios

Quotes

• Potentially being exploited in the wild
• Note that this will prevent FortiGate discovery from FortiManager. Connections from the FortiGate will still work
• A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests

Headlines

• Feb. 9, 2024 - New Fortinet RCE bug is actively exploited, CISA confirms
• Feb. 9, 2024 - Critical Alert: FortiOS Vulnerable to Remote Code Execution (CVE-2024-23113)
• Feb. 9, 2024 - Fortinet Releases Security Advisories for FortiOS | CISA
• Feb. 9, 2024 - Fortinet Releases Security Advisories for FortiOS and FortiClientEMS | CISA
• Feb. 9, 2024 - Fortinet Warns of New FortiOS Zero-Day
• Feb. 9, 2024 - Multiple Vulnerabilities in FortiOS Could Allow for Remote Code Execution
• Feb. 9, 2024 - Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN
• Feb. 9, 2024 - Fortinet Warns of Critical FortiOS SSL VPN Vulnerability Under Active Exploitation
• Feb. 8, 2024 - New Fortinet RCE flaw in SSL VPN likely exploited in attacks
• Feb. 8, 2024 - CVE-2024-21762 (CVSS 9.6): FortiOS SSL-VPN Zero-Day Pre-Auth RCE Flaw

CVE-2024-23917

CRITICAL CVSS 9.80 EPSS Score 0.09 EPSS Percentile 37.30

Remote Code Execution

Published: Feb. 6, 2024

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible

Vendor Impacted: Jetbrains

Product Impacted: Teamcity

Quotes

• All versions from 2017.1 through 2023.11.2 are affected by this issue
• We strongly advise all TeamCity On-Premises users to update their servers to 2023.11.3 to eliminate the vulnerability
• The vulnerability may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server
• If abused, the flaw may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server
• Authentication and authorization have been at the top of the OWASP Top Ten for over two decades. And it’s obvious that attackers are now focusing on exploiting these critical defenses and gaining administrative access
• We have fixed this vulnerability in version 2023.11.3 and have already notified our customers. We will also release additional technical details of the vulnerability shortly. In the meantime, we strongly advise all TeamCity On-Premises users to update their servers to 2023.11.3 to eliminate the vulnerability

Headlines

• Feb. 9, 2024 - JetBrains Releases Security Advisory for TeamCity On-Premises | CISA
• Feb. 7, 2024 - Patch Now: Critical TeamCity Bug Allows for Server Takeovers
• Feb. 7, 2024 - Patched Critical Flaw Exposed JetBrains TeamCity Servers
• Feb. 7, 2024 - Experts warn of critical JetBrains TeamCity On-Premises bug
• Feb. 7, 2024 - JetBrains issues urgent patches for critical TeamCity vuln
• Feb. 7, 2024 - On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)
• Feb. 7, 2024 - Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch Now
• Feb. 6, 2024 - JetBrains warns of new TeamCity auth bypass vulnerability
• Feb. 6, 2024 - Critical Alert: CVE-2024-23917 Exposes TeamCity to Unauthenticated Attacks

CVE-2023-34992

CRITICAL CVSS 9.80 EPSS Score 0.07 EPSS Percentile 27.22

Risk Context N/A

Published: Oct. 10, 2023

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests.

Vendor Impacted: Fortinet

Product Impacted: Fortisiem

Quotes

• Potentially being exploited in the wild
• Improper neutralization of special elements
• If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts
• In this instance, due to an issue with the API which we are currently investigating, rather than an edit, this resulted in two new CVEs being created, duplicates of the original CVE-2023-34992
• A modification was made to the original FG-IR-23-130 - which commonly happens to ensure ongoing accuracy of information and updates are pushed to the NVD Database in parallel to keep the two systems in sync
• Multiple improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM supervisor may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests
• What the Fortinet headquarters in California is now calling a 'translation problem' sounded completely different during the research: Swiss Fortinet representatives described the toothbrush case as a real DDoS at a meeting that discussed current threats

Headlines

• Feb. 9, 2024 - New Fortinet RCE bug is actively exploited, CISA confirms
• Feb. 9, 2024 - A look at Fortinet's week to forget
• Feb. 8, 2024 - Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products
• Feb. 8, 2024 - Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure
• Feb. 7, 2024 - Fortinet addressed two critical FortiSIEM vulnerabilities
• Feb. 7, 2024 - Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error
• Feb. 7, 2024 - Fortinet Patches Critical Vulnerabilities in FortiSIEM
• Feb. 6, 2024 - Fortinet FortiSIEM hit by two 10/10 severity vulns
• Feb. 5, 2024 - CVE-2024-23108 & CVE-2024-23109 (CVSS 10): Critical Command Injection Flaws in Fortinet FortiSIEM

CVE-2023-42793

CRITICAL CVSS 9.80 EPSS Score 97.31 EPSS Percentile 99.86

CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available

Published: Sept. 19, 2023

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

Vendor Impacted: Jetbrains

Product Impacted: Teamcity

Quotes

• All versions from 2017.1 through 2023.11.2 are affected by this issue
• We strongly advise all TeamCity On-Premises users to update their servers to 2023.11.3 to eliminate the vulnerability
• The vulnerability may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server
• If abused, the flaw may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server
• Authentication and authorization have been at the top of the OWASP Top Ten for over two decades. And it’s obvious that attackers are now focusing on exploiting these critical defenses and gaining administrative access
• We have fixed this vulnerability in version 2023.11.3 and have already notified our customers. We will also release additional technical details of the vulnerability shortly. In the meantime, we strongly advise all TeamCity On-Premises users to update their servers to 2023.11.3 to eliminate the vulnerability

Headlines

• Feb. 7, 2024 - Patch Now: Critical TeamCity Bug Allows for Server Takeovers
• Feb. 7, 2024 - Patched Critical Flaw Exposed JetBrains TeamCity Servers
• Feb. 7, 2024 - Experts warn of critical JetBrains TeamCity On-Premises bug
• Feb. 7, 2024 - JetBrains issues urgent patches for critical TeamCity vuln
• Feb. 7, 2024 - On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)
• Feb. 7, 2024 - Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch Now
• Feb. 6, 2024 - JetBrains warns of new TeamCity auth bypass vulnerability

CVE-2024-21887

CRITICAL CVSS 9.10 EPSS Score 97.30 EPSS Percentile 99.85

CISA Known Exploited Remote Code Execution Public Exploits Available

Published: Jan. 12, 2024

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

Vendor Impacted: Ivanti

Products Impacted: Policy Secure, Connect Secure And Policy Secure, Connect Secure

Quotes

• A small number of customers
• To date, over 170 attacking IPs [have been] involved
• The SSRF, as we found it, is actually an n-day in the xmltooling library, patched out around June 2023 and assigned CVE-2023-36661. The SSRF can be chained to CVE-2024-21887 for unauthenticated command injection with root privileges
• An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication

Headlines

• Feb. 9, 2024 - Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and ZTA gateway devices
• Feb. 9, 2024 - Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways
• Feb. 8, 2024 - Ivanti: Patch new Connect Secure auth bypass bug immediately
• Feb. 7, 2024 - Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)
• Feb. 6, 2024 - Latest Ivanti Zero Day Exploited By Scores of IPs
• Feb. 6, 2024 - Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation
• Feb. 6, 2024 - More woes for Ivanti as exploit activity rises
• Feb. 5, 2024 - More mass exploits hit the same buggy Ivanti devices
• Feb. 5, 2024 - Newest Ivanti SSRF zero-day now under mass exploitation
• Feb. 3, 2024 - PoC Exploit Published for Zero-Day Ivanti CVE-2024-21893 Vulnerability

CVE-2024-21893

HIGH CVSS 8.20 EPSS Score 96.25 EPSS Percentile 99.47

CISA Known Exploited Remote Code Execution Public Exploits Available

Published: Jan. 31, 2024

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

Vendor Impacted: Ivanti

Products Impacted: Neurons For Zero-Trust Access, Connect Secure, Policy Secure, And Neurons, Policy Secure, Connect Secure

Quotes

• A small number of customers
• To date, over 170 attacking IPs [have been] involved
• Agencies running the affected products must assume domain accounts associated with the affected products have been compromised
• We have no evidence of any customers being impacted by CVE-2024-21888 at this time. We are only aware of a small number of customers who have been impacted by CVE-2024-21893 at this time
• An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication
• At the time of publication, the exploitation of CVE-2024-21893 appears to be targeted. Ivanti expects the threat actor to change their behavior and we expect a sharp increase in exploitation once this information is public – similar to what we observed on 11 January following the 10 January disclosure

Headlines

• Feb. 9, 2024 - Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and ZTA gateway devices
• Feb. 9, 2024 - Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways
• Feb. 8, 2024 - Ivanti: Patch new Connect Secure auth bypass bug immediately
• Feb. 8, 2024 - Spyware isn’t going anywhere, and neither are its tactics
• Feb. 7, 2024 - Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)
• Feb. 6, 2024 - Latest Ivanti Zero Day Exploited By Scores of IPs
• Feb. 6, 2024 - Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation
• Feb. 6, 2024 - More woes for Ivanti as exploit activity rises
• Feb. 5, 2024 - More mass exploits hit the same buggy Ivanti devices
• Feb. 5, 2024 - Experts warn of a surge of attacks targeting Ivanti SSRF flaw
• Feb. 5, 2024 - Newest Ivanti SSRF zero-day now under mass exploitation
• Feb. 3, 2024 - PoC Exploit Published for Zero-Day Ivanti CVE-2024-21893 Vulnerability

CVE-2023-46805

HIGH CVSS 8.20 EPSS Score 96.27 EPSS Percentile 99.47

CISA Known Exploited Remote Code Execution Public Exploits Available

Published: Jan. 12, 2024

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

Vendor Impacted: Ivanti

Products Impacted: Policy Secure, Connect Secure And Policy Secure, Connect Secure

Quotes

• A small number of customers
• To date, over 170 attacking IPs [have been] involved
• An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication

Headlines

• Feb. 9, 2024 - Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and ZTA gateway devices
• Feb. 9, 2024 - Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways
• Feb. 8, 2024 - Ivanti: Patch new Connect Secure auth bypass bug immediately
• Feb. 7, 2024 - Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)
• Feb. 6, 2024 - Latest Ivanti Zero Day Exploited By Scores of IPs
• Feb. 6, 2024 - Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation
• Feb. 6, 2024 - More woes for Ivanti as exploit activity rises
• Feb. 5, 2024 - More mass exploits hit the same buggy Ivanti devices
• Feb. 5, 2024 - Newest Ivanti SSRF zero-day now under mass exploitation